package com.ormbench.base;

import java.util.Collection;

import net.sourceforge.stripes.validation.StringTypeConverter;
import net.sourceforge.stripes.validation.TypeConverter;
import net.sourceforge.stripes.validation.ValidationError;

import org.apache.commons.lang.StringEscapeUtils;

/**
 * Our default behavior is all strings will be escaped for html and javascript
 * characters. This is to prevent cross-site scripting attacks If you don't want
 * this behavior, explicitly use the StringNoEscapeTypeConverter built into stripes.
 * 
 * @author jacobc
 */
public class StringEscapeTypeConverter extends StringTypeConverter implements TypeConverter<String> {
	@Override
	public String convert(String input, Class<? extends String> targetType, Collection<ValidationError> errors) {
		return StringEscapeUtils.escapeHtml(input);
	}
}
